From 8c09223477fcae0a0ebff121ec1d9a92ee44ff38 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Tue, 4 Apr 2017 20:42:08 +0200
Subject: [PATCH] The product from NSO Group Technologies added to the list of
 tools.

The Pegasus name is used as synonym of Chrysaor ;-)
---
 clusters/tool.json | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/clusters/tool.json b/clusters/tool.json
index 65266f7e..0af009d0 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -2073,9 +2073,22 @@
           "http://researchcenter.paloaltonetworks.com/2017/03/unit42-trochilus-rat-new-moonwind-rat-used-attack-thai-utility-organizations/"
         ]
       }
+    },
+    {
+      "meta": {
+        "synonyms": [
+          "Pegasus",
+          "Pegasus spyware"
+        ],
+        "refs": [
+          "https://security.googleblog.com/2017/04/an-investigation-of-chrysaor-malware-on.html"
+        ]
+      },
+      "value": "Chrysaor",
+      "description": "Chrysaor is spyware believed to be created by NSO Group Technologies, specializing in the creation and sale of software and infrastructure for targeted attacks. Chrysaor is believed to be related to the Pegasus spyware that was first identified on iOS and analyzed by Citizen Lab and Lookout."
     }
   ],
-  "version": 26,
+  "version": 27,
   "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
   "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
   "authors": [